LDAP security in ADF11g

Hi,
I have already developed an ADF 11g (JDEV 11.1.2.2.0) Fusion application. I have a user login page, where I need to check the authentication using LDAP + MS Active Directory. Should the application development start with an LDAP already configured? How do I implement the LDAP authentication in my application?
Do you have any document with the steps to develop an application that would be deployed with LDAP? It would be helpful.
Regards,
Infanta
Edited by: Infanta on Feb 17, 2013 10:35 PM

No, you don't need to develop with ldap in mind if you use adf security.
Check:
http://chadthompson.me/2012/07/19/ldap-server-impact-on-secure-adf-applications/
https://blogs.oracle.com/jruiz/entry/debugging_adf_security_in_jdeveloper
Timo

Similar Messages

  • Internal error message configuring LDAP security options in CMC

    After entering LDAP security information in Central Management Console - option authentication, when clicking 'Finish' an error message appears: "internal error in secLdap complement".  How can I solve this problem ?

    Hi,
    Please check whether you are following the proper steps while configuring the LDAP.
    You can refer to the BusinessObjects Admin guide for the configuration:
    http://help.sap.com/businessobject/product_guides/boexir31/en/xi3-1_bip_admin_en.pdf
    And also, please check troubleshooting section for more information.
    Regards,
    Noor.

  • LDAP Security Realm

    Using Weblogic 7.0 I have an LDAP security realm set up with the LDAP URL, admin's
    user name and password. I want to be able to interface with this connection to access
    the LDAP and make changes to user information within the LDAP. Right now in
    my code I make a connection to the LDAP and supply the same user name and password
    set up in the LDAP security realm. Rather than re-supply
    the URL and user name and password in my code, I want to be able to just get that
    connection (or create a connection similar to a JDBC connection pool) to the
    LDAP that is configured in the Security Realm. Is this possible? And how would I
    go about it if so?
    Thanks
    Sjb

    The LDAPConnection pool which is used by the WLS Realm is not accessible to the public
    for programming.
    thanks
    kiran
    "Sjb" <[email protected]> wrote in message
    news:3f5744c1$[email protected]..
    >
    Using Weblogic 7.0 I have an LDAP security realm setup with the LDAP URL admins
    user name and password. I want to be able to interface this connection to access
    the LDAP and make changes to user information within in the ldap. Right now in
    my code I make a connection to the LDAP and supply the same user name and password
    set up in the LDAP security realm. I want to be able to rather then re-supply
    the URL and user name and password in my code I want to be able to just get that
    (or create a connection similar to a jdbc connection pool) connection to the
    LDAP that configured in the Security Realm. Is this possible? And how would I
    go about it if so?
    Thanks
    Sjb

  • LDAP security provider and web service authentication

    Background: we are currently developing web services to our existing weblogic application. Our users can configure user/password authentication in one of three ways: database, LDAP, or SSO. Setting SSO aside, we need to implement the same authentication for database and LDAP that we use in our existing logon servlet in our web services. In our servlet we detect which they are configured for and, if database, authenticate the encrypted password to a database table we have for user id/password. If LDAP we use weblogic.servlet.security.ServletAuthentication and the weak() method to authenticate.
    We've to use SOAP headers to communicate username/password from the client to the web service. We want to code a SOAP message handler to grab the username/password and do the authentication there. We've successfully put something together that handles the database authentication no problem and are now struggling with how to handle the LDAP authentication. We distribute a LDAP security provider we've coded for LDAP authentication. I guess what I am looking for is an equivalent functionality provided with weblogic.servlet.security.ServletAuthentication. Note that I realize the weblogic.servlet.security package has been deprecated starting with Weblogic 9.0 but cannot find what functionality replaces it. Any help there would be appreciated as well.
    Note that I am fairly new to web service development (about 10 months now) and definitely new to web service security and Weblogic security. I tried digging into the volumes of documentation out there regarding these two topics but am simply having a difficult time sorting it all out and figuring out how to do what I want to do.
    Thanks in advance!
    Julia

    Hi,
    Add Provider (LDAP Credentials) in Admin console Security Realm --> defaultrealm --> Providers. Configuring LDAP in the Admin Console will enable the Admin Server to connect to LDAP. All the LDAP preconfigured Users/Groups will be available in the Users and Groups tab of Security Realms > defaultrealm > Users and Groups. Add Roles using Security Realms > defaultrealm > Roles and Policies > Global Roles > Roles. Add Role Conditions to the role by specifying users/groups configured in LDAP. If your web service runs with SSL, annotate the web service file something like this:
    // "test" must match a role defined in the Admin Console
    @RolesAllowed({
        @SecurityRole(role="test")
    })
    @Policy(
        uri="policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml",
        attachToWsdl=true)
    Here the role is a preconfigured role in the Admin Console. Add the following tag in the soapenv:Header.
    <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken>
          <wsse:Username>test</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
        </wsse:UsernameToken>
      </wsse:Security>
    </soapenv:Header>

  • Using LDAP security in Oracle BI Publisher.

    Hi,
    We have newly set up BIP for an environment and we have enabled the Oracle BI Server security model, and only Administrator and Super user have access to view all BIP reports.
    Now some of the business users want to have access to BIP reports and folders. These users have access to OBI dashboards through LDAP, and object-level security is defined by webgroups coming from the Siebel source. They wish to navigate from OBI to BIP through the Products link.
    In this case, we thought to enable the LDAP security model in BIP, but how will Administrator access work after we enable the LDAP security model? There are some BIP reports embedded in OBI dashboards; will they work after enabling LDAP security?
    Please advise.
    Thanks
    Krishna

    Please let me know if someone can help on this.
    Thanks
    Krishna

  • Understanding LDAP Security Groups - Need assistance...

    Hi,
    Can someone walk me through a simple step-by-step outline of how to adjust LDAP security groups so that they work properly with report objects and folders?  I've added a number of LDAP groups to our server and see the user accounts in them but am having difficulty understanding how to apply these groups to the right folders and have access behave correctly.  As an example I have a couple of groups where a few users are in LDAP under MKTDEPT and others are under SYSUSR.  A few users are in both.  I want to give MKTDEPT view rights to a folder whereas SYSUSR gets schedule rights.  I'm having an issue with the Everyone group in that I have to set it to at least 'view' for anyone to see anything.  This is even though the MKTDEPT and SYSUSER user security is set lower.  So what's the best approach to get this to work right?  Any steps or documents that could help me out would be terrific.
    Thanks,
    Dom

    Dominic,
    Most of the information you need is in the Administration Guide.
    That said, here's how I would do it:
    Let's say MKTDEPT has users A,B,C,D,E and SYSUSER has users B,C,D,H,J. Let's call the folder you want to assign rights to (rather unimaginatively) FolderA.
    For FolderA, set the following rights.
    Everyone Group --> No Access
    MKTDEPT --> View
    SYSUSER --> Schedule
    The problem now is dealing with users that belong to both groups. For this, I would create a new (Enterprise) group called MKTSYS and add the common users to that group. This group would get Schedule rights to FolderA.
    Also, as a practice, it is best to create Enterprise copies of your LDAP groups (especially since you have users that can belong to multiple LDAP groups). So, you would have
    MKTDEPTENT which contains users in the MKTDEPT LDAP group.
    SYSUSERENT which contains users in the SYSUSER LDAP group.
    I would then add these groups to the list of groups with access to FolderA.
    So, the list of groups with access to FolderA would be:
    Everyone
    MKTDEPTENT
    SYSUSERENT 
    MKTSYS
    and the rights would be:
    Everyone Group --> No Access
    MKTDEPTENT --> View
    SYSUSERENT --> Schedule
    MKTSYS --> Schedule
    Please note that the Everyone Group does not need to have View access. That said, the Everyone Group does need to be in the access list for FolderA.
    Also, while this method of replicating LDAP group structure in BO creates additional administrative work, I am of the opinion that it is a small price to pay to prevent unauthorized access.
    Hope this helps,
    Srinivas

  • Error configuring BI Publisher 10.1.3.3.2 with OID LDAP Security Config

    I have installed BI Publisher Enterprise Standalone version 10.1.3.3.2 and am able to successfully log in as Administrator. I need to integrate BI Publisher with LDAP. I accessed the Security Configuration section and updated the LDAP information and set up the required XMLP_* groups in OID and assigned them to OID users as instructed in the BI Publisher users document, however the LDAP connection does not appear to be working. When I log in as a user that has been assigned to the XMLP_ADMIN or users that have been assigned to one of the other XMLP_* groups I get an error message:
    Error
    The server can not be used due to a configuration error, please contact the administrator. If you are the administrator, please consult BI Publisher user guide for proper configuration.
    Then when I click on the Error Details link I get the following information:
    oracle.apps.xdo.security.ValidateException
    I have verified that the LDAP information entered is correct. The values in my xmlp-server-config.xml are below:
    <property name="SUPERUSER_PASSWORD" value="value not included for security reasons"/>
    <property name="SUPERUSER_USERNAME" value="Administrator"/>
    <property name="GUEST_FOLDER" value="false"/>
    <property name="LDAP_PROVIDER_GROUP_ATTR_DESCRIPTION" value="description"/>
    <property name="SAW_SERVER" value=""/>
    <property name="SAW_USERNAME" value="Administrator"/>
    <property name="LDAP_PROVIDER_GROUP_ATTR_MEMBER" value="uniquemember"/>
    <property name="LDAP_PROVIDER_ADMIN_USERNAME" value="orcladmin"/>
    <property name="SAW_VERSION" value="v4"/>
    <property name="ENABLE_SUPERUSER" value="true"/>
    <property name="LDAP_PROVIDER_URL" value="ldap://stars.rogersgroupinc.com:389/"/>
    <property name="DEBUG_LEVEL" value="debug"/>
    <property name="LDAP_PROVIDER_GROUP_SEARCH" value="(&(objectclass=groupofuniquenames)(cn=*))"/>
    <property name="SAW_SESSION_TIMEOUT" value="90"/>
    <property name="SAW_PORT" value=""/>
    <property name="SAW_PROTOCOL" value="http"/>
    <property name="SECURITY_MODEL" value="LDAP"/>
    <property name="LDAP_PROVIDER_ADMIN_PASSWORD_ENC" value="value not included for security reasons"/>
    <property name="LDAP_PROVIDER_GROUP_SEARCH_ROOT" value="cn=groups,dc=rogersgroupinc,dc=com"/>
    <property name="SAW_PASSWORD_ENC" value="41671566C02C7880B95B49C7F8D40467"/>
    <property name="LDAP_PROVIDER_FACTORY" value="com.sun.jndi.ldap.LdapCtxFactory"/>
    <property name="LDAP_PROVIDER_USER_DN" value="cn=hrsyncuserstest,cn=users,dc=rogersgroupinc,dc=com"/>
    <property name="LDAP_PROVIDER_GROUP_ATTR_NAME" value="cn"/>
    I have opened an SR on this but so far have not gotten anywhere. Any assistance is appreciated. Thanks.
    New information: I found the following messages in the default_group~home~default_group~1.log file:
    When the service starts the following message appears -
    [021208_091215109][][STATEMENT] oracle.apps.xdo.servlet.resources.ResourceNotFoundException: /data/oracle/bipubtest/10.1.3/xmlp/XMLP/Admin/Security/pkiconfig.xml
    at oracle.apps.xdo.servlet.ReportException.fillInStackTrace(ReportException.java:124)......
    and when I attempt to log in I get the following error:
    [021208_091704879][][EXCEPTION] javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66).......
    I have tested this user with ldapbind as shown below and
    I get a bind successful so I am not sure why I am getting the Invalid Credentials error:
    ldapbind -h stars.rogersgroupinc.com -p 389 -D "cn=droberts,cn=hrsyncuserstest,cn=users,dc=rogersgroupinc,dc=com" -w <password not included>
    Message was edited by:
    user571286
    I am disappointed that I have received no responses to this issue either on the forum or on my SR with Support. If I need to provide more detailed information in order to get assistance please let me know. Our project is at a standstill until this issue is corrected so I really need some assistance in finding a solution.

    Thank you SO MUCH, Dave! I had entered cn=orcladmin in the Security Configuration screen and did not notice that it was saved to the xmlp-server-config.xml as orcladmin... I manually edited the xmlp-server-config.xml file to cn=orcladmin and it appears to be working now!
    Why is the entry not saving correctly from the Security Configuration screen? Is this a bug?
    Thanks again, Dawna.
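
    The failure in this thread (error code 49 caused by a bind account saved as `orcladmin` instead of `cn=orcladmin`) can be caught before login is attempted. The following is an added example, not code from the posters or from Oracle: it parses `<property>` entries like the ones quoted above and flags values that must be distinguished names but are not. The `<config>` wrapper element, the sample values and all function names are assumptions of this example, and it assumes a directory that requires a DN for simple binds, as in the thread.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: property names are the ones quoted in the post, values are
# placeholders. The <config> wrapper element is an assumption of this example.
SAMPLE_CONFIG = """<config>
  <property name="SECURITY_MODEL" value="LDAP"/>
  <property name="LDAP_PROVIDER_URL" value="ldap://ldap.example.com:389/"/>
  <property name="LDAP_PROVIDER_ADMIN_USERNAME" value="orcladmin"/>
  <property name="LDAP_PROVIDER_USER_DN" value="cn=users,dc=example,dc=com"/>
  <property name="LDAP_PROVIDER_GROUP_SEARCH_ROOT" value="cn=groups,dc=example,dc=com"/>
  <property name="LDAP_PROVIDER_GROUP_SEARCH" value="(&amp;(objectclass=groupofuniquenames)(cn=*))"/>
</config>"""

# Properties whose value is used as a DN (bind identity or search base).
DN_PROPERTIES = (
    "LDAP_PROVIDER_ADMIN_USERNAME",
    "LDAP_PROVIDER_USER_DN",
    "LDAP_PROVIDER_GROUP_SEARCH_ROOT",
)

# One RDN: attribute type (short name or dotted OID), '=', then a non-empty value.
_RDN = re.compile(r"\s*(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)\s*=\s*\S.*", re.S)


def split_rdns(dn):
    """Split a DN on commas, leaving backslash-escaped commas inside values."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def looks_like_dn(value):
    """True when every comma-separated component has the attr=value shape."""
    if not value.strip():
        return False
    return all(_RDN.fullmatch(part) for part in split_rdns(value))


def filter_is_balanced(ldap_filter):
    """Search filters escape literal parentheses as \\28 and \\29, so every
    '(' and ')' that appears is structural and can simply be counted."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and ldap_filter.startswith("(")


def load_properties(xml_text):
    """Collect name/value pairs from every <property> element, ignoring namespaces."""
    props = {}
    for element in ET.fromstring(xml_text).iter():
        if element.tag.rsplit("}", 1)[-1] == "property" and "name" in element.attrib:
            props[element.attrib["name"]] = element.attrib.get("value", "")
    return props


def lint(props):
    """Return (property, problem) pairs; an empty list means nothing was flagged."""
    findings = []
    if props.get("SECURITY_MODEL") != "LDAP":
        return findings
    for name in DN_PROPERTIES:
        value = props.get(name, "")
        if not looks_like_dn(value):
            findings.append((name, "not a distinguished name: %r" % value))
    group_filter = props.get("LDAP_PROVIDER_GROUP_SEARCH", "")
    if group_filter and not filter_is_balanced(group_filter):
        findings.append(("LDAP_PROVIDER_GROUP_SEARCH", "unbalanced parentheses"))
    return findings


if __name__ == "__main__":
    for name, problem in lint(load_properties(SAMPLE_CONFIG)):
        print(name, "->", problem)
```

    An `ldapbind` test with an end user's DN, as in the question, does not exercise the `LDAP_PROVIDER_ADMIN_USERNAME` value at all, which is why that test succeeded while the application still reported invalid credentials.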

  • LDAP security authentication in weblogic sp4 (URGENT)

    We have a web application which interacts with the database to authenticate a user during our login process. Now we are trying to change the login to LDAP authentication. Here is the list of what I did in the WebLogic configuration; let me know if this is correct or if I am missing anything.
    1. Created a Realm
    2. Created a NOVELL LDAP Authenticator (configured user, groups, members, Novell LDAP, Details)
    3. Created a X.509 certificates ????? Do I need to create this one for authentication. The only question is I am confused by these parameters and help me out in figuring out these:
    a. filter attributes = cn=$subj.cn
    b. username attribute = cn
    c. userCertificate;binary ??? (I have a certificate idmtree.der; where do I add configuration about this certificate in the console?)
    d. certificate mapping : ou=user,ou=$subj.ou,o=$subj.o,c=$subj.c (IS THIS CORRECT)
    4. created a new Weblogic Default Authorizer...
    5. created a new Weblogic Default Role Mapper...
    6. created a new Weblogic Default Credential Mapper ...(Do I need to setup my certificate inside this credential mapper or not.)
    7. I made this realm as the DEFAULT realm and started the server
    I get the following exception.
    Initializing RoleMapper provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift.>
    The RoleMapper provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift>
    Initializing Authorizer provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift.>
    The Authorizer provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift>
    Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
    Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
    Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
    Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
    Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure.>
    Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
    [java.lang.reflect.InvocationTargetException - with target exception:
    [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
    weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
    [java.lang.reflect.InvocationTargetException - with target exception:
    [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
    at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:205)
    at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:262)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java:581)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:420)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:700)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:733)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:876)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:734)
    at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:822)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
    at weblogic.Server.main(Server.java:32)
    >
    ####<Apr 6, 2006 10:42:55 AM CDT> <Emergency> <WebLogicServer> <DXPCHI029398> <myserver> <main> <<WLS Kernel>> <> <BEA-000342> <Unable to initialize the server: weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
    [java.lang.reflect.InvocationTargetException - with target exception:
    [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]>
    ANY HELP on this would be greatly appreciated; I am totally exhausted from seeing these error messages since morning.
    I would like to know if I need a client for connecting to this LDAP authenticator, as I am using the Novell API to access the LDAP directory. Let me know, and if so can someone provide me a code snippet?
    Waiting for response.
    thanks in advance
    kiran

    Hi Christoper,
    Based on your description, this seems to be more of a security related question than a workshop one.
    Please post to the security newsgroup at http://forums.bea.com/bea/category.jspa?categoryID=2011
    with information on service pack installed
    Thanks
    Raj

  • Weblogic ldap security realm source code..

    Hi,
    The LDAPv2 security realm that is provided with weblogic 6.1 is great but I
    need to make several extensions to allow for the way our ldap tree is
    structured. Is there any chance that I can get the source code from weblogic
    so that I can extend it ?
    thx,
    B

    What's the use of following if BEA start sending the code to the end users
    * @author Copyright (c) 1998 by WebLogic, Inc. All Rights Reserved.
    * @author Copyright (c) 1998-2001 by BEA Systems, Inc. All Rights Reserved.
    -utpal
    "Bidisha Das" <[email protected]> wrote in message
    news:[email protected]..
    Hi,
    The LDAPv2 security realm that is provided with weblogic 6.1 is great but I
    need to make several extensions to allow for the way our ldap tree is
    structured. Is there any chance that I can get the source code from weblogic
    so that I can extend it ?
    thx,
    B

  • Whether WLC support LDAP Secure ?..

    Hi ,
    We are using a 5508 WLC with software version 7.4.100.60. Will this code support that? When we tried LDAP on port 389, we were able to authenticate the user. But with LDAPS on port 636 we are not getting a response from AD.
    Any clue on this...
    Thanks,
    Regards,
    Vijay.

    You can change the port, but you are not changing how it communicates by changing the port. If you search for WLC LDAP Configuration, you will not see any reference to supporting LDAPS. If there was a setting on the WLC to choose to use LDAP or LDAPS, then it would work. You have also tested it and you can see it doesn't work. Sniff the traffic and see if it is secure or not as that will also tell you.
    You can always contact your local SE and put in a feature request for that.
    Sent from Cisco Technical Support iPhone App

  • 3rd party LDAP security provider problem

    I'm having an issue that when I've deployed my j2ee application to Oracle AS 10g rel3 app server, the security-constraint I've configured in my web.xml file isn't being obeyed, or at least it doesn't appear to be.
    As part of the deployment process I've configured a 3rd party LDAP server as the security provider. As for mapping groups to roles, I've set it such that all users and groups should be mapped to the role AuthorisedUser - my intention is that for any protected url's defined in the web.xml, the user should be redirected to a login page as defined in the web.xml file as well (I'm using FORM based authentication in the login-config) - but after they are logged in they will be assigned the role of AuthorisedUser.
    The following is being written to the orion-application.xml file
    <security-role-mapping name="AuthorisedUser" impliesAll="true" />
    What I'm observing is that users aren't being challenged when they hit a secured url-pattern. Is this as a result of the impliesAll="true" attribute ?

    I found that the <security-role-mapping> element is not functioning correctly for 10.1.3.4 OC4J LDAP authentication. I saw in the log.xml that I was getting authenticated but it wasn't finding the role-group map.
    I changed the role-name in the web.xml to be the exact same thing as the group in LDAP and that fixed that problem.
    I know the original poster has gone past this problem, but for people in the future, I hope this helps.
    Now my problem is the j_security_check... once I'm authenticated, the browser ends up at http://hostname:port/OrderManagement/j_security_check instead of the application page. Any ideas?
    Thanks,
    David

  • Ldap security provider leads in 401 errors in WL 12.1.3

    I'm facing a migration from 10.3.2 to 12.1.3. The configuration is almost the same (I'll bet that config.xml is more or less the same as in the previous version).
    In my environment, the user's authentication and authorization is done using an external (not embedded) LDAP. Needless to say, everything works perfectly in 10.3.2, but in the new version the behaviour is weird:
    * The first time a user tries to enter the system, the application returns a 401 error.
    * On the next attempt the user can enter the system without a problem.
    * If the user continues using the system, there are no problems.
    * If the user doesn't reconnect to the system after some time, a 401 error is returned again.
    I found out that if I disable the LDAP cache everything works fine. But in a production environment I believe the cache is a must.
    Has anyone faced this issue?

    Verified WebLogic classloading using CAT (wls-cat app) and found oracle.dms.console.DMSConsole was loaded from the WEB-INF jar and the ucp classes were loaded from a jar from WebLogic; used the entry below in weblogic.xml to load everything from WEB-INF to resolve the issue:
    <container-descriptor>
        <prefer-web-inf-classes>true</prefer-web-inf-classes>
    </container-descriptor>
    Thanks
    Sandeep

  • LDAP Security Integration to JSF

    I would like to integrate a security system that we use to the JSF project I'm developing. The setting is as follows:
    We have a centralized single signon authentication system (OBLIX) that present the user with a login screen. Once the user logs in successfully, the system will direct the user to a url of my choice. The login information, such as user id, will be stored in the request as parameters.
    I'm new to JSF. So far I have not had to use any servlets in JSF. All I have done in my application with JSF are backing beans and control beans. The business logic resides in the control beans, which invoke the backend model programs (which deal with the database etc.).
    The question is how to integrate this OBLIX security nicely into my application. Can I have OBLIX direct a successful login to a jsp that triggers a control bean automatically? I need to read off the request parameters to find out who the login user is.
    Is this something that should be done with JSF listeners?
    Thanks in advance. I hope to hear from you experts soon.

    Hi Gary,
    maybe get in contact with Scott Spendolini from Sumner Technologies (http://sumnertechnologies.com/), I think these guys have some experience integrating APEX with eBusiness Suite.
    Patrick
    My APEX Blog: http://inside-apex.blogspot.com
    The ApexLib Framework: http://apexlib.sourceforge.net
    The APEX Builder Plugin: http://sourceforge.net/projects/apexplugin/

  • Datalevel security in Ldap

    Hi Experts,
    I have one doubt
    when we are using LDAP Security how should we give Data level security for a single user.
    Can you please explain this in details with example.
    thanks in advance
    Regards,
    Jel

    Hi,
    Once LDAP is working, you will be able to see AD users in the RPD (identity user list); here you can just apply data-level security.
    Let's say userA is the AD user, once it shows in the RPD.
    Steps to set up data filters to apply row-level authorization rules for queries:
    1) Go to your repository in the Administration Tool.
    Select Manage, then select Identity.
    In the Identity Manager dialog, in the tree pane, select BI Repository.
    In the right pane, select the Users tab, then double-click any one of the AD users for which you want to set data filters.
    (If you are not able to find the AD user, just set the online filter and put * in it, then it will show up.)
    2) In the Application Role dialog, click Permissions.
    In the User Role Permissions dialog, click the Data Filters tab.
    To create filters, you first add objects on which you want to apply the filters. Then, you provide the filter expression information for the individual objects.
    For example,
    a filter like "Sample Sales"."D2 Market"."M00 Mkt Key" > 5 to restrict results based on a range of values for another column in the table.
    You can also use repository and session variables in filter definitions. Use Expression Builder to include these variables to ensure the correct syntax.
    Note: my suggestion is that it is better to set application-role-wise security (if you go with user level data security strange in feature case maintenance)
    Kindly refer the below (similar way for AD users)
    http://gerardnico.com/wiki/dat/obiee/security_level#data
    http://obieeblog.wordpress.com/category/obiee/obiee-security/
    http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security
    http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
    Thanks
    Deva

  • Is LDAP on Port 3269 Secure?

    Is LDAP on port 3269 (for third party app authentication) secure by default or are user names and passwords being passed over the network in clear text unless your add separate SSL encryption on the connection?
    Why would you use port 3269 for LDAP vs port 636?

    The global catalog is not hosting the same information. In a nutshell, the ports 389/636 can be used to target domain-specific information (the domain of the domain controller you target) and the ports 3268/3269 (global catalog) are used to target forest-wide information (a read-only copy of the objects of every domain, but not all attributes). So depending on what the application is trying to look at, you might use one or the other. For example, if you are looking up email addresses, you can target a global catalog. If you are looking at global group membership, you need to target a specific domain.
    Now regarding the security around the credential you use for the bind, it is very well summarized in this article:
    http://blogs.technet.com/b/askds/archive/2009/09/21/understanding-ldap-security-processing.aspx
    If your application is performing a simple bind, then the password will be sent in clear text. Therefore you should use SSL (636, or 3269 for the global catalog). You can also configure your domain controller to reject simple binds if they are performed over a non-SSL connection (see here: https://support.microsoft.com/kb/935834).
    Note that SSL is not available by default on your domain controllers. You need to deploy a PKI and issue a certificate for your domain controller. This is more or less automatically done if you are using a Microsoft enterprise PKI; it might require extra manual steps if you are using a third-party certificate service.
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
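
    The port and bind rules from this answer, together with the WLC reply earlier on the page (changing the port does not change how the client communicates), can be written as one check on an application's LDAP settings. This is an added example, not code from any poster: it reports whether a URL targets a domain or the global catalog, whether the session is encrypted, and whether a simple bind would expose the password. The function name, the finding labels and the sample hostnames in the test are assumptions of this example.

```python
from urllib.parse import urlparse

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
GLOBAL_CATALOG_PORTS = {3268, 3269}
TLS_PORTS = {636, 3269}        # the server expects a TLS handshake before any LDAP
CLEARTEXT_PORTS = {389, 3268}  # the server expects LDAP first (StartTLS may follow)


def assess_ldap_endpoint(url, bind="simple", starttls=False):
    """Classify an LDAP client setting.

    url      -- ldap:// or ldaps:// URL as configured in the application
    bind     -- "simple" (DN + password) or "sasl"
    starttls -- True if the client upgrades with StartTLS before binding
    """
    parts = urlparse(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORT or not parts.hostname:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    port = parts.port or DEFAULT_PORT[scheme]

    # Encryption comes from what the client speaks, not from the port number.
    encrypted = (scheme == "ldaps" and port not in CLEARTEXT_PORTS) or (
        scheme == "ldap" and starttls and port not in TLS_PORTS
    )

    findings = []
    if scheme == "ldaps" and port in CLEARTEXT_PORTS:
        # The TLS handshake is sent to a listener that expects plain LDAP.
        findings.append("tls-client-on-cleartext-port")
    if scheme == "ldap" and port in TLS_PORTS:
        # Plain LDAP sent to a TLS listener: the server cannot answer it.
        findings.append("plain-ldap-on-tls-port")
    if bind == "simple" and scheme == "ldap" and not encrypted:
        # The bind request, password included, is written to the wire as is.
        findings.append("simple-bind-password-in-clear")

    return {
        "port": port,
        "scope": "global catalog" if port in GLOBAL_CATALOG_PORTS else "domain",
        "encrypted": encrypted,
        "findings": findings,
    }


if __name__ == "__main__":
    for candidate in ("ldap://dc1.example.com:389", "ldaps://dc1.example.com:3269"):
        print(candidate, assess_ldap_endpoint(candidate))
```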
